Markers not displayed when (Vaadin) Spring Security is used

[McPringle]

Checklist

• I am able to reproduce the bug with the latest version
• I made sure that there are no existing issues - open or closed - which I could contribute my information to.
• I have taken the time to fill in all the required details. I understand that the bug report will be dismissed otherwise.
• This issue contains only one bug.

Affected version

4.4.0

Steps to reproduce the bug

1. add vaadin-maps-leaflet-flow to a project
2. add a map showing a marker
3. add spring-boot-starter-security
4. configure HTTP authorization

Expected behavior

The map is displayed, the marker is visible

Actual behavior

The map is displayed, the marker is not visible

Additional information

It turns out the marker is not displayed because a request to the marker will be redirected to the login page. The marker URL is a file in the root directory of the Vaadin application:

http://localhost:8080/marker-icon.png

That looks like a bug. A component should never add files directly to the root directory. It's better to use the sub-directory /icons or /images which usually has a "permit all" to the contents (including subdirectories). So using e.g. /icons/leaflet/marker-icon.png should fix the permission problem with Vaadin / Spring Security.

[AB-xdev]

Thank you for the issue.

However this is working as intended as Leaflet's default marker icon points there:

• https://leafletjs.com/reference.html#icon-default
• https://github.com/Leaflet/Leaflet/blob/c511e66c20dce06ac05c43cf287b3ecdba00d924/src/layer/marker/Icon.Default.js#L23-L25

If you want to use a different URL/icon you can either supply a custom LIcon to your markers or follow the Leaflet docs on how to overwrite the default.

I will add a short section to the Readme that explains the static resources.

The overall situation is also only problematic when one uses a view that has no authentication but the rest of the app has.